It’s getting worse. What was once a vague threat of eavesdropping, if you didn’t encrypt your email, has reached over into areas where many of us, from consumers to tech providers (of security hardware, no less) once felt fairly safe.

August 4, 2008 (IDG News Service) Nearly a month after a critical flaw in the Internet’s Domain Name System was first reported, vendors of some of the most widely used firewall software packages are scrambling to fix a problem that can essentially undo portions of the patches that address this bug.

Some firewall software undoes a source port randomization feature that was introduced in the DNS patches. While this change doesn’t completely negate the DNS patch, it could make it easier for attackers to pull off a cache-poisoning attack against the DNS server, security experts say.

This could lead to virtually undetectable phishing attacks against users of those DNS servers.